
Is cybersecurity insurance worth the risk?

A good source of information about cybersecurity risks is the Information Security Forum (ISF).

For example, ISF recently published an interesting report regarding cybersecurity insurance.  Is cybersecurity insurance worth the risk?  See Report.

Reverse Domain Name Hijacking Lawsuit Dismissed in USA

An interesting legal decision regarding the domain name pocketbook.com was handed down by a United States district judge this month.  The case arose out of this NAF UDRP decision from 2019 that decided for the domain name owner:  https://www.adrforum.com/DomainDecisions/1857174.htm

The court reviewed the Anticybersquatting Consumer Protection Act (ACPA), which prohibits reverse domain name hijacking. This occurs when “overreaching trademark owners” interfere with a domain name registrant’s lawful use of a domain name.

The court decided that the requirement that the domain name “has been suspended, disabled, or transferred” does not include temporary suspension during the pendency of a UDRP case.

See decision here https://domainnamewire.com/wp-content/pocketbook.pdf  and case note here.


Privacy Act Review in Australia

The Australian Attorney-General's Office has released the Privacy Act Review Discussion Paper and seeks comments before 10 January 2022. The discussion paper considers these matters:

  • Scope, application & effectiveness of the Privacy Act
  • Direct rights of action by individuals
  • Statutory tort for invasion of privacy
  • Notifiable data breach scheme effectiveness
  • Enforcement power effectiveness
  • Aspects of a certification scheme

https://consultations.ag.gov.au/rights-and-protections/privacy-act-review-discussion-paper/

The AG's Office is holding this consultation at the same time as a consultation on the exposure draft of the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 (Online Privacy Bill).

The Online Privacy Bill addresses the pressing privacy challenges posed by social media and certain other online platforms.

The Privacy Act Review seeks to build on the outcomes of the Online Privacy Bill to ensure that Australia's privacy law framework empowers consumers, protects their data and supports the Australian economy.

Non Specialist Lawyers Doing Domain Name Disputes - A big risk!

In my opinion, there is a big risk in using a non-specialist lawyer to run a domain name dispute under the UDRP or auDRP.  A recent example is the Brisbane law firm Dowd & Co running a domain name dispute under the UDRP for a complainant.  Not only were they unsuccessful, there was a finding of Reverse Domain Name Hijacking (RDNH) against the Complainant, and resulting bad publicity.

The Panel stated:

"It is evident from the Complaint in this case that the Complainant has not fully appreciated the requirement to prove both registration and use in bad faith.... This Complaint was therefore doomed to fail at the outset as the Complainant could not prove registration in bad faith. The Complainant and/or its legal counsel should have appreciated this. A passing familiarity with Policy precedent on this issue (for example, as described in section 3.8 of the WIPO Overview 3.0) is something that the Panel is entitled to expect from parties represented by legal counsel, and it is lacking here. Such familiarity would have caused the Complainant to be aware of its difficulties in pursuing the Complaint. A modicum of additional research would also have indicated to the Complainant that the Respondent itself had created and run a business by the name of “Streamline Servers”, well before 2009, and it therefore had a bona fide basis for registration of the disputed domain name."

Not something good to have on the public record against you.

See GSL Networks Pty Ltd. v. Domains By Proxy, LLC / Alex Alvanos, Bobservers, WIPO Case No. D2021-2255

See Domain Wire

Cyber Insurance

An excellent paper on Cyber Insurance in Australia:  "Underwritten or Oversold".  Well worth reading.

From the CSCRC (the Cyber Security Cooperative Research Centre).


Affiliate Program Advertisers Must Take Care Not to be Misleading

Many businesses run affiliate programs.  That is, a publisher or blogger will receive a commission for referring people to the website of the business.

For example, The Circle is a good novel that considers the future of social media, and I will receive a small commission if you buy The Circle from Amazon via this link:  https://amzn.to/3pawSJK  Or better still, buy my book!  https://amzn.to/3vl85Dy

There are even affiliate programs for bitcoin purchases https://app.bitcoinlatinum.com/invite?ref=UD03527

Amazon recently emailed the following to their affiliate program members (which they call an Associates Program), to ensure that the affiliate is not acting in a misleading way (which is not uncommon):

This is a recurring reminder that any time you share an associate link, it’s important to disclose that to your audience. They will trust you more if you are transparent about where you are directing them and why. To meet the Associate Program’s requirements, you must (1) include a legally compliant disclosure with your links and (2) identify yourself on your Site as an Amazon Associate with the language required by the Operating Agreement. 

To comply with Federal Trade Commission (FTC) regulations, your link-level disclosure must be: 

1. Clear. A clear disclosure could be as simple as “(paid link)”, “#ad” or “#CommissionsEarned”. 

2. Conspicuous. It should be placed near any associate link or product review in a location that customers will notice easily. They shouldn’t have to hunt for it. 

In addition, the Operating Agreement requires that the following statement clearly and conspicuously appears on your Site: “As an Amazon Associate I earn from qualifying purchases.” For social media user-generated content, this statement must be associated with your account. 

To read more about the FTC Endorsement Guides, visit: https://www.ftc.gov/tips-advice/business-center/guidance/ftcs-endorsement-guides-what-people-are-asking#affiliate. 

Visit this page on AC to bookmark this information about disclosures.

LinkedIn to Pull Out of China

LinkedIn said it would end service in China after the platform censored posts to keep operating but still came under government scrutiny.

"The operating environment in China has also become more difficult. Since President Xi Jinping took the reins of the Communist Party in 2012, he has repeatedly cracked down on what can be said online. Presiding over the rising power of the Cyberspace Administration of China, the country’s internet regulator, Mr. Xi turned China’s internet from a place where some sensitive topics were censored to one where critics face arrests for a constantly shifting set of infractions, like jokes at Mr. Xi’s expense."

See NYTimes  and South China Morning Post

7-Eleven Stores in Australia breached privacy through facial recognition software

A recent decision of the Privacy Commission found that 7-Eleven Stores breached the privacy of Australians by photographing customers who completed in-store surveys and then using facial recognition software to determine characteristics of the customers.

See Decision

The store was in breach because it

  • collected individuals’ sensitive information without consent, and where that
    information was not reasonably necessary for the store’s functions and
    activities, and

  • failed to take reasonable steps to notify individuals about the fact and circumstances
    of collection and the purposes of collection of that information.

See story in The Guardian

Ring Doorbell and Privacy

Amazon's Ring Doorbell collects data that can be used for other purposes, such as being sold to law enforcement.  In light of the recent 7-Eleven case, if Amazon does this, it would be problematic.

See Washington Post article:

“I think about what the effect is of law enforcement having easy access to cameras from everyone’s porch,” Gilliard said. “It makes nuisance crimes” — from stolen Amazon packages to an egged car — “available for escalation in a way that they weren’t previously.”

Free Speech on Campus

A recent storm at Yale Law School regarding a party invitation.

"Every first-year law student learns in torts class about the plaintiff with the “eggshell skull” — someone who suffers a greater injury than normal and must be compensated accordingly. But in the modern world, it seems, everyone’s skulls are susceptible to cracking at the slightest provocation. “Taking the worst possible reading and then twisting it to make it worse is a practice that is all too common,” Colbert told me."

See Washington Post

Laws to regulate Facebook's algorithm?

From the Washington Post:

On Facebook, you decide whom to befriend, which pages to follow, which groups to join. But once you’ve done that, it’s Facebook that decides which of their posts you see each time you open your feed — and which you don’t.

The software that makes those decisions for each user, based on a secret ranking formula devised by Facebook that includes more than 10,000 factors, is commonly referred to as “the news feed algorithm,” or sometimes just “the algorithm.”  ...

Amid a broader backlash against Big Tech, Haugen’s testimony and disclosures have brought fresh urgency to debates over how to rein in social media and Facebook in particular. And as lawmakers and advocates cast about for solutions, there’s growing interest in an approach that’s relatively new on the policy scene: regulating algorithms themselves, or at least making companies more responsible for their effects. The big question is whether that can be accomplished without ruining what people still like about social media — or running afoul of the First Amendment. ...

One way to regulate algorithms without directly regulating online speech would be to amend Section 230 of the Communications Decency Act, which shields websites and apps from being sued for hosting or moderating content posted by users. Several bills propose removing that protection for certain categories of harmful content that platforms promote via their algorithms, while keeping it in place for content they merely host without amplifying.

See also Opinion in NY Times from former Facebooker

 

Facebook post leads to claim for defamation


From the NY Times:  The case of the (potentially costly) missing apostrophe.

In a Facebook post last year, Anthony Zadravic of Australia seemed to accuse his former employer of not paying “his employees” pensions. Court documents suggest that he meant to add an apostrophe; writing “his employee’s” would have implied that it was only his own pension that was missing.

In deciding to proceed with the employer’s defamation case against Zadravic, the NSW judge in the case wrote: “To fail to pay one employee’s superannuation entitlement might be seen as unfortunate; to fail to pay some or all of them looks deliberate.”

Facebook a Threat to Democracy, says Nobel Peace Prize winner from Manila

Nobel Peace Prize winner Maria Ressa used her new prominence to criticise Facebook as a threat to democracy, saying the social media giant fails to protect against the spread of hate and disinformation and is "biased against facts".

https://www.reuters.com/world/philippine-nobel-winner-ressa-calls-facebook-biased-against-facts-2021-10-09/

I guess we should realize that social media is not really media, just like oat milk is not milk. 

From the Washington Post:

"The first time I heard Ressa speak, she told how she had once tried to explain to Mark Zuckerberg that the company’s dominance in her country brought with it a huge social responsibility. Ressa told Zuckerberg that 97 percent of Filipinos used Facebook, and she invited him to the Philippines to get a better understanding of the problems that result. Zuckerberg seemed to ignore the invitation, concentrating instead on how Facebook could increase its domination in the country. “What are the other 3 percent doing, Maria?” he allegedly asked."

 

Vermont Law School sued as it wants to cover up slave mural

Vermont Law School is being sued to prevent it from covering up a painting depicting the Underground Railway and slaves.  The Law School commissioned the work in 1994.  The artist is fighting for the integrity of the artwork.  The case concerns moral rights.

The centre of the case is the Visual Artists Rights Act.  Or is the case really about changing community standards? 

A local paper has this story about the case.  An earlier newspaper article.  It is hard to determine who is morally right.

Internet Law cases - top 10?

A United States digital contracting company (Ironclad) has listed what it considers to be the top 10 major internet law cases since 2000.  Being U.S.-centric, they have only listed U.S. decisions.  Strange, as one key feature of the Internet is that it is global, and is helping break down borders.  My guess is that Ironclad is not interested in expanding its business outside of the U.S.

In any event, here is their U.S.-centric list.

How should damages be assessed for privacy and cybersecurity breaches

Listen to this podcast where I discuss how damages should be assessed in privacy and cybersecurity lawsuits. The Lawyers Weekly Show host J...